<?php
/*
YHM (Your Hosting Manager) - Copyright 2010 All Rights Reserved. - YHM Group
Released under the Simplified BSD Licence.

Website: http://yhm.co.uk
Licence: http://yhm.co.uk/about/#licence

file: admin/announcements.php
author: Kieran D. (Polarbear541)
*/

//Init Includes, Sessions and Page Info
require_once("../global.php"); // shared bootstrap: presumably provides checklogin_admin(), redirect(), TABLE_PREFIX and the mysql link used below — confirm in global.php
session_start();
checklogin_admin(); // admin gate for the whole page; the rest of the file assumes it does not return for non-admins — TODO confirm it exits on failure
$username = $_SESSION['user_name']; // set by the login flow (inferred); not used further on this page
$page = "settings"; // presumably read by header.php to highlight the active nav entry — verify
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>YHM - Admin CP - Announcements</title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="../style.css" media="screen" />
</head>
<body>

<?php include './header.php'; /* shared admin-panel header/navigation */ ?>

<div id="content">

<h2>Announcements - <a href="./announcements.php?action=create">Create</a></h2>
<?php

//Assign Variables
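//Assign Variables - both come from the query string and are untrusted.
//Non-scalar values (e.g. id[]=1) are treated as absent instead of letting
//intval()/string comparison produce notices.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? intval($_GET['id']) : 0;
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : "";

//Return the POST field $key as a string, or '' when missing or not a string.
function announcements_post_string($key)
{
	return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

//Return the per-session CSRF token, creating it on first use.
//Every state-changing action on this page (do_create, do_edit, delete)
//must present it, so a forged cross-site request cannot act as the admin.
function announcements_csrf_token()
{
	if (empty($_SESSION['csrf_token']))
	{
		//random_bytes() is PHP 7+; openssl_random_pseudo_bytes() covers older builds.
		$raw = function_exists('random_bytes') ? random_bytes(16) : openssl_random_pseudo_bytes(16);
		$_SESSION['csrf_token'] = bin2hex($raw);
	}
	return $_SESSION['csrf_token'];
}

//True when $token equals the session token. hash_equals() (PHP 5.6+) gives a
//constant-time comparison; older builds fall back to ===.
function announcements_csrf_valid($token)
{
	if (empty($_SESSION['csrf_token']) || !is_string($token))
	{
		return false;
	}
	if (function_exists('hash_equals'))
	{
		return hash_equals($_SESSION['csrf_token'], $token);
	}
	return $_SESSION['csrf_token'] === $token;
}

//Normalise submitted text for storage: trim, then HTML-escape with ENT_QUOTES
//so a single quote cannot break the single-quoted attributes used on this page.
//Rows are stored HTML-escaped, which is what the original code wrote, so other
//pages that echo them unchanged keep working. SQL escaping is NOT done here;
//it is applied with mysql_real_escape_string() at the query, not mixed in
//before the HTML escaping as before.
function announcements_clean_text($value)
{
	return htmlspecialchars(trim((string) $value), ENT_QUOTES, 'UTF-8');
}

//Prepare a stored (already HTML-escaped) value for a form field: decode, then
//re-encode with ENT_QUOTES so it round-trips without double encoding and
//without a stray ' ending the value='...' attribute.
function announcements_form_value($stored)
{
	return htmlspecialchars(htmlspecialchars_decode((string) $stored, ENT_QUOTES), ENT_QUOTES, 'UTF-8');
}

if ($action == "create")
{
	$token = htmlspecialchars(announcements_csrf_token(), ENT_QUOTES, 'UTF-8');
	echo "<form action='./announcements.php?action=do_create' method='POST'><br />
	<input type='hidden' name='csrf_token' value='$token' />
	Title: <br /><input type='text' name='title' /><br /><br />
	Message: <br /><textarea name='message' style='width:60%;height:100px;'></textarea><br /><br />
	<input type='submit' value='Submit'></form>";
}

elseif ($action == "do_create")
{
	$title = announcements_clean_text(announcements_post_string('title'));
	$message = announcements_clean_text(announcements_post_string('message'));

	if (!announcements_csrf_valid(announcements_post_string('csrf_token')))
	{
		echo "Error: Invalid or missing form token. <br />";
		echo "<a href='./announcements.php?action=create'>Click here to go back</a>";
	}

	//=== '' rather than empty(): a title of "0" is a legitimate value.
	elseif ($title === '' || $message === '')
	{
		echo "Error: Please fill in all the fields! <br />";
		//The back link previously pointed at do_edit, which is not the create form.
		echo "<a href='./announcements.php?action=create'>Click here to go back</a>";
	}

	else
	{
		$query = mysql_query("INSERT INTO ".TABLE_PREFIX."announcements VALUES (NULL, '" . mysql_real_escape_string($title) . "','" . mysql_real_escape_string($message) . "')");

		if (!$query)
		{
			echo "Error: There was a problem creating the announcement - " . mysql_error() . " <br />";
		}

		else
		{
			echo "Announcement created successfully! <br />";
			echo "<a href='./announcements.php'>Click here to go back if not redirected</a><br />";
			redirect("./announcements.php", 2);
		}
	}
}

elseif ($action == "edit")
{
	if ($id <= 0)
	{
		//die() already terminates; the exit() that followed it was unreachable.
		die("Please specify an announcement id to edit!<br /><br /><a href='./announcements.php'>Click here to go back</a><br />");
	}

	//Look the row up by id instead of comparing $id against MAX(id): the id of a
	//deleted announcement is below the maximum but no longer exists, and the old
	//check let that case through to an empty fetch.
	$query = mysql_query("SELECT * FROM ".TABLE_PREFIX."announcements WHERE id=" . intval($id));

	if (!$query || mysql_num_rows($query) == 0)
	{
		die("The announcement you requested does not exist.<br /><br /><a href='./announcements.php'>Click here to go back</a><br />");
	}

	$row = mysql_fetch_array($query);
	$token = htmlspecialchars(announcements_csrf_token(), ENT_QUOTES, 'UTF-8');
	$titleValue = announcements_form_value($row['title']);
	$messageValue = announcements_form_value($row['message']);

	echo "<form action='./announcements.php?action=do_edit&id=" . intval($id) . "' method='POST'><br />
	<input type='hidden' name='csrf_token' value='$token' />
	Title: <br /><input type='text' name='title' value='$titleValue' /><br /><br />
	Message: <br /><textarea name='message' style='width:60%;height:100px;'>$messageValue</textarea><br /><br />
	<center><input type='submit' value='Submit'></center></form>";
}

elseif ($action == "do_edit")
{
	$title = announcements_clean_text(announcements_post_string('title'));
	$message = announcements_clean_text(announcements_post_string('message'));

	if (!announcements_csrf_valid(announcements_post_string('csrf_token')))
	{
		echo "Error: Invalid or missing form token. <br /><br />";
		echo "<a href='./announcements.php?action=edit&id=" . intval($id) . "'>Click here to go back</a>";
	}

	elseif ($id <= 0)
	{
		echo "Error: Please specify an id! <br /><br />";
		echo "<a href='./announcements.php'>Click here to go back</a>";
	}

	elseif ($title === '' || $message === '')
	{
		echo "Error: Please fill in all the fields! <br /><br />";
		//Send the user back to the edit form, not to the do_edit handler.
		echo "<a href='./announcements.php?action=edit&id=" . intval($id) . "'>Click here to go back</a>";
	}

	else
	{
		$query = mysql_query("UPDATE ".TABLE_PREFIX."announcements SET title='" . mysql_real_escape_string($title) . "', message='" . mysql_real_escape_string($message) . "' WHERE id=" . intval($id));

		if (!$query)
		{
			echo "Error: There was a problem editing the announcement - " . mysql_error() . " <br />";
		}

		else
		{
			echo "Announcement edited successfully! <br /><br />";
			echo "<a href='./announcements.php'>Click here to go back if not redirected</a><br />";
			redirect("./announcements.php", 2);
		}
	}
}

elseif ($action == "delete")
{
	//Deletion is only accepted from the POST form rendered in the list below,
	//never from a bare GET link: a link could be triggered by an <img> or a
	//prefetching browser, and carries no CSRF token.
	$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';

	if (!$isPost || !announcements_csrf_valid(announcements_post_string('csrf_token')))
	{
		echo "Error: Invalid or missing form token - use the Delete button on the announcements list. <br /><br />";
		echo "<a href='./announcements.php'>Click here to go back</a>";
	}

	elseif ($id <= 0)
	{
		echo "Error: Please specify an id! <br /><br />";
		echo "<a href='./announcements.php'>Click here to go back</a>";
	}

	else
	{
		$query = mysql_query("DELETE FROM ".TABLE_PREFIX."announcements WHERE id=" . intval($id));

		//Report failure the same way create/edit do instead of die()-ing without the footer.
		if (!$query)
		{
			echo "Error: There was a problem deleting the announcement - " . mysql_error() . " <br />";
		}

		else
		{
			echo "Announcement deleted successfully! <br /><br />";
			echo "<a href='./announcements.php'>Click here to go back if not redirected</a><br />";
			redirect("./announcements.php", 2);
		}
	}
}

else
{
	//Run Query
	$query = mysql_query("SELECT * FROM ".TABLE_PREFIX."announcements ORDER BY id DESC");

	if (!$query)
	{
		echo "Error: There was a problem loading the announcements - " . mysql_error() . " <br />";
	}

	else
	{
		$token = htmlspecialchars(announcements_csrf_token(), ENT_QUOTES, 'UTF-8');

		//Display Announcements
		while ($row = mysql_fetch_array($query))
		{
			//Decided per row: previously $dots stayed "..." for every row after the
			//first long message, and was undefined when the first one was short.
			$dots = strlen($row['message']) > 100 ? "..." : "";
			$rowId = intval($row['id']);

			//title/message are stored HTML-escaped (see announcements_clean_text).
			echo "<h3>" . $row['title'] . "</h3>";
			echo substr($row['message'], 0, 100) . "$dots <br />"
				. "<a href='./announcements.php?action=edit&id=$rowId'>Edit</a> | "
				. "<form action='./announcements.php?action=delete&id=$rowId' method='POST' style='display:inline;'>"
				. "<input type='hidden' name='csrf_token' value='$token' />"
				. "<input type='submit' value='Delete' /></form><br />";
		}
	}
}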
?>



<br />
<?php require_once '../footer.php'; /* shared site footer */ ?>
</div>
</body>
</html>